Security alliance full of holes

I pity companies that make real products that solve real problems. They'll never be able to compete with the fantasies and myths of today's computer industry.

After all, what else could explain the tremendous hype over Ginger, something that no one knows anything about, by an inventor whose best work was in the medical field? Yet the hype is here, and Ginger (by all indications a motorised scooter) will apparently save the world and be "more important than the Internet."

Can you see the wince on my face? Can you see how hard it is to discuss a similarly hyped tech alliance to battle hackers? Onward I'll go, though. The new alliance is huge, by all indications. It brings together the industry's toughest competitors, including Oracle, AT&T, Cisco, Hewlett-Packard and even Microsoft, a company not known to leap quickly into any technology alliance.

The deal is they'll work together to swap vulnerability stories. Former President Clinton urged the creation of such a committee, and Commerce—and future Transportation—Secretary Norman Mineta (hmm: transportation and commerce? Perhaps Mineta has something to do with Ginger) is an advocate of this nonprofit, to be known as the IT-ISAC (IT-Information Sharing and Analysis Centre for Information Technology).

On the surface, IT-ISAC sounds wonderful, but there's something wrong with this picture. Each of these companies might provide a general idea as to the kinds of attacks that it is receiving. But no company in its right mind will contribute the important stuff, such as specific exploits or a specific vulnerability in its product.

There's little chance that these vendors can disclose hack attempts against customers or inherent vulnerabilities in their applications. This leaves IT-ISAC with such thankless tasks as trying to data-mine hackers' IP addresses to figure out which hackers are attacking more than one company. In other words, the data they gather won't be valuable.

There is a better, less organised way of dealing with security vulnerabilities. Dozens of high-level organisations track vulnerabilities, including CERT, Security Focus and SecurityWatch. They are collecting real information and are publicising real vulnerabilities. IT-ISAC is simply being created for the protection of the vendors. The rest of us are on our own.
